SOURCE: OpenAjax Alliance
March 17, 2008 10:00 ET
OpenAjax Alliance Announces New Initiatives Around Secure Mashups and Mobile Device APIs
NEW YORK, NY--(Marketwire - March 17, 2008) - The
OpenAjax Alliance today revealed new standards and open source
initiatives for secure mashups, Ajax on mobile devices, and a unified
browser wish-list from Ajax toolkit suppliers. Ajax is the technology
behind most Web 2.0 applications, including the increasingly popular
"mashup," a website or application that combines content from more than one
source into an integrated experience, and Web "gadgets," which can be
placed into Web pages and social network sites.
The OpenAjax Alliance is an organization of vendors, open source projects
and companies using Ajax that are dedicated to the successful adoption of
open and interoperable Ajax-based Web technologies. Today from AJAXWorld in New York City, the
alliance is announcing a set of coordinated initiatives that will unleash
the power of mashups, but within the context of a secure mashup framework
that prevents malicious attacks, such as cross-site scripting (XSS) and
cross-site request forgery (CSRF). The two centerpieces of the secure
mashups initiatives are OpenAjax Hub 1.1 and OpenAjax Metadata.
OpenAjax Hub 1.1 extends the publish/subscribe features found in the
recently approved OpenAjax Hub 1.0 to allow incorporation of untrusted
mashup components, known as widgets, from third parties. Using a
technology called "SMash" that was contributed by IBM (NYSE: IBM) to
OpenAjax Alliance, untrusted widgets are isolated into IFrames and can only
communicate with the rest of the mashup through a secure, mediated message
bus. The alliance is producing both a formal specification for
industry-standard OpenAjax Hub 1.1 APIs and a commercial-ready open source
JavaScript reference implementation.
Today, there are dozens of proprietary widget formats, making widespread
use difficult. OpenAjax Metadata defines industry-standard XML metadata for
widgets and Ajax libraries so users can mash information from more sources.
The Alliance also has a companion open source project that is developing a
set of transcoders from popular widget formats, such as Google Gadgets,
into OpenAjax Metadata, so that these proprietary widget formats can
achieve OpenAjax Metadata compatibility immediately. Additionally, the
alliance is developing a sample open source mashup application that uses
OpenAjax Hub 1.1 in its runtime engine and assembles widgets that are
compatible with OpenAjax Metadata. This mashup application integrates the
open source widget transcoders, thereby allowing integration of existing
proprietary widget formats, such as Google Gadgets.
"Today's announcements from the Alliance illustrate how it is helping
extend the reach of Ajax from the consumer space into the enterprise by
introducing the ability to secure mashups as well as use any existing
Widget or Gadgets in an Ajax Application," said David Boloker, OpenAjax
Alliance Steering Committee Chairman. "With OpenAjax Hub 1.1, a Web page
can allow or disallow untrusted JavaScript code to communicate with other
widgets, Gadgets or existing JavaScript code, thereby isolating the
untrusted JavaScript code."
The Ajax industry today has dozens of useful Ajax libraries and several
popular developer tools, but integration of Ajax libraries into Ajax tools
has been a largely library-by-library manual process for the tool vendors.
In addition to its mashup features, OpenAjax Metadata also defines a
comprehensive industry XML standard for describing Ajax library APIs and UI
controls, with the objective to allow arbitrary Ajax tools to integrate
with arbitrary Ajax libraries. Among the participants on the IDE committee
are representatives from Adobe, Aptana, Dojo, Eclipse, IBM, Microsoft, Sun,
TIBCO and Zend.
"The strategy is not to replace the well defined custom formats for
metadata that each development environment already uses. Nor is it to ask
the Ajax library creators to change the way in which their code is
currently annotated and documented. Instead we're working with development
tool providers, which represent a strong majority of the market and the
Ajax community, to create a shared intermediary format -- a format to and
from which each custom format can be transformed," said Kevin Hakman of Aptana who chairs the IDE working group.
"In addition, to make it dead easy to use, we are also engaging the
community to create open source transformation utilities for the more
common and broadly used JavaScript API annotation schemes such as the
popular JavaScript auto-documentation utility JSDoc."
The alliance announces a new Mobile Ajax initiative to broaden the use of
Ajax on mobile phones. On mobile devices, the industry is using the Ajax
platform (Web Runtime) not just for Web browsing, but also for downloaded
widgets and for the user interface for device-resident applications. Many
of these new classes of Ajax-powered mobile applications require
integration with the phone's operating system, such as retrieval of the
user's current location, which might help improve search applications, or
access to the phone dialer, in order to allow one-touch dialing of a phone
number that might appear in a Web page or a widget. To address this
emerging industry requirement, the alliance's Mobile Task Force has
launched a fast-track activity to establish use cases and requirements and
to characterize the requirements of the security effort, with likely
follow-on efforts to pursue industry standards and/or open source.
"In order to deliver tomorrow's innovative mobile applications, the
industry needs to standardize its approach to allowing the Web Runtime to
use mobile device services, such as current location, messaging services,
address book, and connection status," said Brad Sipes, CTO and Engineering
Vice-President of Ikivo, which
co-chairs the Mobile Task Force at OpenAjax Alliance. "By unifying the
industry around a common approach, and defining the security requirements,
OpenAjax Alliance's efforts will help propel the next generation of mobile
applications."
"Vodafone is actively participating in this effort to help drive the
industry towards a consensus position on the use of AJAX technologies for
delivering new Web-based services and applications through the mobile
phone," said David Pollington, Senior Manager, Vodafone Group R&D,
Terminal Research. "Vodafone Group R&D has already been looking into such
concepts and has put their JavaScript extensions work (MobileScript) in the
public domain via the OpenAjax Alliance and Vodafone's own Betavine
developer site to help progress discussions within the industry."
The alliance recently launched its Runtime Advocacy Task Force, which is
collecting a unified wish list of key foundation features that are needed
in future browsers in order to unleash the next generation of innovations
from Ajax toolkits. Many of the features in the list are specific
performance-related requests to specific browsers, which, if fixed, will
enable Ajax toolkits to deliver cross-browser user experience innovations
in future releases. The alliance has worked with Ajax industry leaders to
produce a wiki that holds its initial list of feature requests. At its
face-to-face meeting on Friday, March 21, the Alliance will conduct a
town-hall meeting on the feature request list, and will soon launch online
voting by the community to comment on and rank the feature requests.
"Ajax has emerged as a core platform upon which services are delivered.
However, the various Ajax runtime issues have been and continue to be
challenges. What can we do to make it better? OpenAjax Alliance is a great
vehicle for us to get together and help make progress on these issues,"
said Coach Wei, CTO of Nexaweb and Chair of
OpenAjax Runtime Task Force. "At the OpenAjax Runtime Advocacy Task Force,
we are drawing attention to Ajax runtime issues, gathering community
opinions, facilitating dialogs, and hopefully helping deliver better Ajax
runtime environments upon which service providers can deliver even better
web experience going forward."
About OpenAjax Alliance
The OpenAjax Alliance is an organization of leading vendors, open source
projects, and companies using Ajax that are dedicated to the successful
adoption of open and interoperable Ajax-based Web technologies. The prime
objective of the group is to accelerate customer success with Ajax by
promoting a customer's ability to mix and match solutions from Ajax
technology providers and to help drive the future of the Ajax ecosystem. To
learn more about OpenAjax Alliance, please visit: www.openajax.org
All product and company names herein may be trademarks of their respective
owners.